New Flash XSS technique (thousands of websites at risk)

New Flash XSS technique (thousands of websites at risk)
This week I spent a good amount of time studying the recent attack technique disclosed about XSS issues in common Shockwave Flash Files. At first I thought, “eh, looks cool, but probably just some theoretical edge case”. Then in working with white paper author Rich Cannings I came to understand that the details are more complex than I originally gave credit. Apparently the scope of the problem is easy to underestimate with potentially hundreds of thousands of websites at risk (right, as if we needed more XSS to deal with). The other thing is that reasonably workable fixes are going to be a long time coming.

In many ways the issue is similar to that of Adobe’s Universal XSS problem from last year. At its simplest, this issue describes that vulnerable Flash files can be used to XSS the hosting domain. The URL would look something like this:

**Hidden Content: To see this hidden content your post count must be 15 or greater.**

copy from WhiteHat Security

Thread: New Flash XSS technique (thousands of websites at risk)

Thread Tools

Similar Threads

Satellite Direct Brings Thousands of TV Channels Straight to Your PC THB1

Satellite Direct Brings Thousands of TV Channels Straight to Your PC

Thousands of sites loaded with potent malware cocktail

Long running job fraud may have snared thousands

Technique การแปลง URL

Members who have read this thread : 0

Tags for this Thread

Posting Permissions